In Ansible version 2.4, the concept of dynamic includes (include_tasks) versus static imports (import_tasks) was introduced to clearly define the differences in how include works between dynamic and static includes.

All attributes applied to a dynamic include_* would only apply to the include itself, while attributes applied to a
static import_* would be inherited by the tasks within.

This separation was only partially implemented in Ansible version 2.4. As of Ansible version 2.5, this work is complete and the separation now behaves as designed; attributes applied to an include_* task will not be inherited by the tasks within.

To achieve an outcome similar to how Ansible worked prior to version 2.5, playbooks should use an explicit application of the attribute on the needed tasks, or use blocks to apply the attribute to many tasks. Another option is to use a static import_* when possible instead of a dynamic task.

We made several fixes to how we handle keywords and ‘inline variables’, to avoid conflating the two. Unfortunately these changes mean you must specify whether name is a keyword or a variable when calling roles. If you have playbooks that look like this:

roles:-{role:myrole,name:Justin,othervar:othervalue,become:True}

You will run into errors because Ansible reads name in this context as a keyword. Beginning in 2.5, if you want to use a variable name that is also a keyword, you must explicitly declare it as a variable for the role:

Using Ansible-provided jinja tests as filters will be removed in Ansible 2.9.

Prior to Ansible 2.5, jinja tests included within Ansible were most often used as filters. The large difference in use is that filters are referenced as variable|filter_name while jinja tests are referenced as variableistest_name.

Jinja tests are used for comparisons, while filters are used for data manipulation and have different applications in jinja. This change is to help differentiate the concepts for a better understanding of jinja, and where each can be appropriately used.

As of Ansible 2.5, using an Ansible provided jinja test with filter syntax, will display a deprecation error.

OLD In Ansible 2.4 (and earlier) the use of an Ansible included jinja test would likely look like this:

when:-result | failed-not result | success

NEW In Ansible 2.5 it should be changed to look like this:

when:-result is failed-results is not successful

In addition to the deprecation warnings, many new tests have been introduced that are aliases of the old tests. These new tests make more sense grammatically with the jinja test syntax, such as the new successful test which aliases success.

Additionally, a script was created to assist in the conversion for tests using filter syntax to proper jinja test syntax. This script has been used to convert all of the Ansible integration tests to the correct format. There are a few limitations documented, and all changes made by this script should be evaluated for correctness before executing the modified playbooks. The script can be found at https://github.com/ansible/ansible/blob/devel/hacking/fix_test_syntax.py.

In Ansible versions 2.4 and older, after creating a GitHub release using the create_release state, the github_release module reported state as skipped.
In Ansible version 2.5 and later, after creating a GitHub release using the create_release state, the github_release module now reports state as changed.

The file module changed from follow=False to follow=True because
its purpose is to modify the attributes of a file and most systems do not allow attributes to be
applied to symlinks, only to real files.

The replace module had its follow parameter removed because it
inherently modifies the content of an existing file so it makes no sense to operate on the link
itself.

The blockinfile module had its follow parameter removed because
it inherently modifies the content of an existing file so it makes no sense to operate on the
link itself.

In Ansible-2.5.3, the template module became more strict about its
src file being proper utf-8. Previously, non-utf8 contents in a template module src file
would result in a mangled output file (the non-utf8 characters would be replaced with a unicode
replacement character). Now, on Python2, the module will error out with the message, “Template
source files must be utf-8 encoded”. On Python3, the module will first attempt to pass the
non-utf8 characters through verbatim and fail if that does not succeed.

Inventory plugins have been fine tuned, and we have started to add some common features:

The ability to use a cache plugin to avoid costly API/DB queries is disabled by default.
If using inventory scripts, some may already support a cache, but it is outside of Ansible’s knowledge and control.
Moving to the internal cache will allow you to use Ansible’s existing cache refresh/invalidation mechanisms.

A new ‘auto’ plugin, enabled by default, that can automatically detect the correct plugin to use IF that plugin is using our ‘common YAML configuration format’.
The previous host_list, script, yaml and ini plugins still work as they did, the auto plugin is now the last one we attempt to use.
If you had customized the enabled plugins you should revise the setting to include the new auto plugin.

Shell plugins have been migrated to the new plugin configuration framework. It is now possible to customize more settings, and settings which were previously ‘global’ can now also be overriden using host specific variables.

For example, system_temps is a new setting that allows you to control what Ansible will consider a ‘system temporary dir’. This is used when escalating privileges for a non-administrative user. Previously this was hardcoded to ‘/tmp’, which some systems cannot use for privilege escalation. This setting now defaults to ['/var/tmp','/tmp'].

Another new setting is admin_users which allows you to specify a list of users to be considered ‘administrators’. Previously this was hardcoded to root. It now it defaults to [root,toor,admin]. This information is used when choosing between your remote_temp and system_temps directory.

For a full list, check the shell plugin you are using, the default shell plugin is sh.

Those that had to work around the global configuration limitations can now migrate to a per host/group settings,
but also note that the new defaults might conflict with existing usage if the assumptions don’t correlate to your environment.

The lookup plugin API now throws an error if a non-iterable value is returned from a plugin. Previously, numbers or
other non-iterable types returned by a plugin were accepted without error or warning. This change was made because plugins should always return a list. Please note that plugins that return strings and other non-list iterable values will not throw an error, but may cause unpredictable behavior. If you have a custom lookup plugin that does not return a list, you should modify it to wrap the return values in a list.

A new option was added to lookup plugins globally named error which allows you to control how errors produced by the lookup are handled, before this option they were always fatal. Valid values for this option are warn, ignore and strict. See the lookup page for more details.

Top-level connection arguments like username, host, and password are deprecated and will be removed in version 2.9.

OLD In Ansible < 2.4

-name:example of using top-level options for connection propertiesios_command:commands:show versionhost:"{{inventory_hostname}}"username:ciscopassword:ciscoauthorize:yesauth_pass:cisco

The deprecation warnings reflect this schedule. The task above, run in Ansible 2.5, will result in:

[DEPRECATION WARNING]:Param 'username' is deprecated. See the module docs for more information. This feature will be removed in version2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.[DEPRECATION WARNING]:Param 'password' is deprecated. See the module docs for more information. This feature will be removed in version2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.[DEPRECATION WARNING]:Param 'host' is deprecated. See the module docs for more information. This feature will be removed in version 2.9.Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

We recommend using the new connection types network_cli and netconf (see below), using standard Ansible connection properties, and setting those properties in inventory by group. As you update your playbooks and inventory files, you can easily make the change to become for privilege escalation (on platforms that support it). For more information, see the using become with network modules guide and the platform documentation.

Ansible 2.5 introduces two top-level persistent connection types, network_cli and netconf. With connection:local, each task passed the connection parameters, which had to be stored in your playbooks. With network_cli and netconf the playbook passes the connection parameters once, so you can pass them at the command line if you prefer. We recommend you use network_cli and netconf whenever possible.
Note that eAPI and NX-API still require local connections with provider dictionaries. See the platform documentation for more information. Unless you need a local connection, update your playbooks to use network_cli or netconf and to specify your connection variables with standard Ansible connection variables: